Many different types of computer programs and computer systems employ a wide variety of different types of security. Some security measures limit the access that different users have to the computer program or computer system, based upon the role that the individual user plays with respect to the computer system. For example, a manager may have different access than a sales representative. In these types of situations, it can be difficult to determine exactly what access individual users (who have individual roles) should have to the computer system.
As one example, there are many different types of business computer applications or computer systems. Some of those different types include enterprise resource planning (ERP) systems, customer resource management (CRM) systems, line-of-business (LOB) applications, or other systems that involve business data. In this example the computer system is an ERP system. In an ERP system, different users of the system are given different levels of access to the information stored in the system. For instance, a user that is employed in a human resources position may have access to the personal files (such as salary information, security clearance information, etc.) for the employees of the company. That same person, however, may have no access to the sales data for the company. On the other hand, a sales manager may have access to a great deal of customer data and sales data in the ERP system, but may not have access to the personal information files for the employees in the company. It can thus be seen that the role that an individual plays in the company can determine what types of access or privileges the user is given to the ERP system. This can be referred to as a system with role-based access.
These types of systems present certain challenges. For example, it can be difficult to determine exactly what permissions or privileges a given user requires for that user to perform the work necessary to carry out his or her position. For instance, if a user is employed as an accounts payable clerk, it can be difficult to identify exactly which types of data that user should have access to in the ERP system and which components of the system the user needs access to in order to perform the workflow required of an accounts payable clerk. Identifying permissions can take many hours, and can be both inefficient and error prone.
These problems can be exacerbated in certain ways as well. When the business needs of a company change, this commonly requires some modification to existing role definitions or the creation of new roles related to the company. When a new role is created, someone must normally create new privileges and permissions within the ERP system for an individual employed in that new role or identify which existing privileges and permissions can be reused. This may also mean that previously-existing roles need to have their permissions or privileges changed as well, in order to accommodate the employee in the new role.
In any of the scenarios mentioned above, an administrator or other person assigning privileges or permissions in the system must normally have intricate knowledge of both the computer system and the way each given user performs the business process workflow required of his or her role in the company. In addition, the process is intensively manual. These types of problems exist for substantially any system that uses role-based access control.
The discussion above is merely provided for general background information and is not intended to be used as an aid in determining the scope of the claimed subject matter.